In November 2021, GoDaddy discovered that hackers had accessed one of its databases and some of its customer data. Unfortunately, the data was compromised for over two months before GoDaddy realised it had been hacked.
The GoDaddy data breach affects 1.2 million managed WordPress customers, but if you are one of those impacted, should you be worried?
WordPress customers could be at risk following the GoDaddy data breach
Unfortunately, yes. Data exposed in the hack included WordPress admin passwords (those set automatically by the system when the website was first created) and private SLL keys. If hackers managed to get hold of your personal data and WordPress logins, they could have accessed your website. Moreover, SLL certificates help to make websites secure, so, if yours has been compromised, your website could be at high risk of hacks and other attacks.
How to protect yourself following the GoDaddy data breach
If GoDaddy has informed you that your data was breached (or if you are at all concerned that it could have been), you should take immediate steps to protect yourself. This means:
- Assuming that your website is affected by malware. Check your site using a malware scanning tool and if you find anything malicious, use a trusted malware clean-up and protection service to clean your site.
- Installing security software and running daily scans.
- Assuming that hackers have access to your website and changing all your passwords immediately. This includes your admin account, user accounts, database passwords and SFTOP credentials. Even if GoDaddy has already done this for you, we recommend that you do so again. Do not use the same passwords you use elsewhere.
- Changing your passwords if you have reused the same ones for other accounts (in addition to those listed above)
- Getting another SSL certificate. It is up to you whether you want to use GoDaddy to do this.
Also, if your website stores personal customer data and/or financial information and you have been told that your site could be compromised, you might also want to warn your customers that their data could be exposed.
Can you make a compensation claim following the hack?
If your data was exposed because of the GoDaddy data breach, you might be due compensation for any distress or losses experienced. You could be affected by the GoDaddy data breach if you:
- Are a managed WordPress customer
- Have an SSL certificate issued by GoDaddy
- Have purchased hosting through a GoDaddy reseller.
GoDaddy has contacted those affected by this breach and we strongly urge anyone who has received such a notification to get in touch with us to discuss a potential claim.